Commit Graph

446 Commits

Author SHA1 Message Date
Unrud
deffed8f14 Do SSL handshake in request thread (fixes #674)
The handshake could block the main thread, especially since the socket timeout was not set at that point.
2017-07-27 01:46:27 +02:00
Unrud
b3957bc2c7 Bump version to 2.1.2 2017-07-24 04:22:57 +02:00
Unrud
1f4fb9e306 Use repr(...) instead of "%r" % ... 2017-07-22 23:32:26 +02:00
Unrud
d0aacd3dcf Check uploaded data for more than one VCALENDAR 2017-07-22 23:32:26 +02:00
Unrud
05b1e8296c Check collection properties 2017-07-22 23:32:26 +02:00
Unrud
863c70f35f Improve validation of uploaded items and stored items
This reverts commit 4533f76df9.
2017-07-22 23:32:26 +02:00
Unrud
4f831de006 Verify number of components in items 2017-07-15 09:42:01 +02:00
Unrud
f4a9399a97 Change HTTP response 303 to 302 2017-07-01 04:20:13 +02:00
Unrud
08919510cb Bump version to 2.1.1 2017-07-01 01:25:16 +02:00
Unrud
2b3fd1fb9b Add missing UIDs instead of failing 2017-07-01 01:24:53 +02:00
Unrud
c135dc026d Fix uploading of whole address books 2017-07-01 01:24:53 +02:00
Unrud
5576cb38eb Bump version to 2.1.0 2017-06-25 09:55:39 +02:00
Unrud
6bf7aa2b3c Bump version to 2.1.0rc3 2017-06-23 22:04:37 +02:00
Unrud
df5565f237 Only send timeout responses for client timeouts
A timeout could happen in an custom storage backend.
2017-06-23 21:55:44 +02:00
Unrud
746cd9feb1 Include exception in timeout log message 2017-06-23 21:55:42 +02:00
Unrud
65a1b572e3 Bump version to 2.1.0rc2 2017-06-21 09:57:52 +02:00
Unrud
68184858b4 Add request method and path to error message 2017-06-21 09:54:33 +02:00
Unrud
db93d969ab Bump version to 2.1.0rc1 2017-06-17 01:45:53 +02:00
Unrud
39a11bc7b7 Change "answer" to "response" in log message 2017-06-17 01:41:33 +02:00
Unrud
cf9129f6db Name web plugin as the other plugins 2017-06-16 23:28:15 +02:00
Unrud
9ce8e9d94d Include path in access denied log message 2017-06-16 23:28:15 +02:00
Unrud
0cb6642ec3 Don't overwrite environment variables
The original PATH_INFO is required for redirects.
2017-06-16 23:28:15 +02:00
Unrud
5669433f58 Let rights plugins decide if access to item is granted 2017-06-16 23:28:15 +02:00
Unrud
04c51d2ced Check if item is collection with storage.BaseCollection
The same as in xmlutils.py
2017-06-16 23:12:08 +02:00
Unrud
f1f94dffbd Output raw collection path
The same as everywhere else.
2017-06-15 23:44:35 +02:00
Unrud
02371685bd Respond with bad request when MKCOL, MCALENDAR or MOVE fails 2017-06-09 02:59:29 +02:00
Unrud
a4fc123286 Use last_modified attribute of item 2017-06-09 02:59:29 +02:00
Unrud
3753364fc8 XML error message for invalid sync-token 2017-06-07 14:17:57 +02:00
Unrud
2860c664d0 Check that vobject_item have a UID 2017-06-06 20:01:09 +02:00
Unrud
fe97741f08 Better reporting of errors in PUT requests 2017-06-06 20:01:07 +02:00
Unrud
78a62aee86 Merge pull request #565 from Unrud/synctoken
Support for sync-token and sync-collection
2017-06-02 13:01:54 +02:00
Unrud
f2b415c4a6 Initial sync-token and sync-collection support
Use the etag of the collection as the sync token and tell the client that the token is invalid when the collection changed.
2017-06-02 12:44:23 +02:00
Unrud
3af5809d71 Add option for CA certificate for validating clients
This can be used to secure TCP traffic between Radicale and a reverse proxy
2017-06-02 12:41:03 +02:00
Unrud
ab9e9b2d7c Add web interface module 2017-05-31 13:18:40 +02:00
Unrud
edaf21561d Don't strip SCRIPT_NAME from PATH_INFO 2017-05-31 12:01:37 +02:00
Unrud
5704b5021b PATH_INFO might not exist if it's empty 2017-05-31 12:01:35 +02:00
Unrud
c9664137a5 Improve error handling
* Check the configuration file for errors (check option names and basic type checking).
  * Perform basic type checking on command line arguments.
  * Only print stack traces in debug mode.
  * Include much more information in error messages (e.g. include the path of invalid files).
  * Send Bad Request to clients for invalid XML requests or iCalendar data.
  * Change the log level of some messages.
2017-05-31 11:31:54 +02:00
Unrud
09bde14e50 Allow auth backends to provide login and password
This is used to implement an auth backend that takes the credentials from an HTTP header (e.g. accounts are managed by an reverse proxy)
2017-05-31 02:07:49 +02:00
Unrud
8536ffee44 Preserve empty PATH_INFO from WSGI and strip base prefix from destination 2017-05-30 22:58:57 +02:00
Unrud
11c5dfdb53 Improve handling of XML requests and responses
* Move parsing/serialization of XML requests/responses from ``xmlutils.py`` to ``__init__.py``.
  * Log XML requests/responses in pretty-printed form.
      * Previously only the responses were logged in readable form. This is useful for debugging.
      * The XML documents are only converted for pretty-printing if debugging is enabled (it's expensive)
  * Send XML responses in minimized form to clients.
  * Add **encoding** attribute to XML declaration in XML response.
  * Only decode XML requests once. (Previously they were decoded, encoded and decoded again.)
2017-05-30 09:15:51 +02:00
Unrud
f1a9cf7694 Allow already encoded answers 2017-05-30 09:02:37 +02:00
Guillaume Ayoub
a94a3bc7c2 Version 2.0.0 2017-05-27 18:10:46 +02:00
Guillaume Ayoub
3e0c8cf285 Update copyright years 2017-05-27 17:28:07 +02:00
Unrud
577d9317d2 Strip script name from path 2017-05-26 11:02:07 +02:00
Unrud
cf78a23856 Improve logging
Log failed login attempts more clearly and also log access violations of authenticated users.
2017-05-23 04:16:52 +02:00
Unrud
f2fb07fa84 Move authentication delay into __init__.py and add config
Use the delay for all backends (not only htpasswd).
Add configuration option to configure the delay.
2017-05-23 04:07:32 +02:00
Unrud
fb970246e0 Only query auth backend when a user is set 2017-05-23 04:07:32 +02:00
Guillaume Ayoub
dcb0638538 Version 2.0.0rc2 2017-04-19 14:10:02 +02:00
Guillaume Ayoub
7e2406c778 Version 2.0.0rc1 2017-04-15 15:51:05 +02:00
Guillaume Ayoub
864eb5931a Merge setup.cfg and pytest.ini, fix tests 2017-04-15 10:51:00 +02:00
Unrud
8a98f4861d Fix permissions for REPORT request
Only read access is required.
2017-03-13 08:22:14 +01:00
Unrud
7d687205bd Use logger for WSGIServer
Log exception from the WSGIServer. Exceptions from socket timeouts are currently written to stderr.
2017-03-10 13:39:26 +01:00
Unrud
5cd5cfe368 Use REMOTE_ADDR if REMOTE_HOST is missing
WSGIRequestHandler doesn't set REMOTE_HOST if dns lookup is disabled.
2017-03-07 20:34:37 +01:00
Unrud
69d39b47ca Also log the forwarding host for forwarded requests 2017-03-07 20:34:36 +01:00
Unrud
c104da28ce Use UNKNOWN if user agent is missing
This is much shorter and doesn't clutter the log as much.
2017-03-07 20:33:37 +01:00
Unrud
266dc608f2 Remove unnecessary if-statements 2017-03-07 20:32:23 +01:00
Guillaume Ayoub
5d67257555 Merge branch 'trycatch-broken-objects' of https://github.com/pbiering/Radicale into pbiering-trycatch-broken-objects 2017-02-26 16:24:41 +01:00
Guillaume Ayoub
46fcec8fe0 Cosmetics 2017-02-26 16:19:38 +01:00
Guillaume Ayoub
e6880057a2 Merge pull request #518 from pbiering/improved-access-logging
improved request logging
2017-02-26 16:17:44 +01:00
Guillaume Ayoub
9d958e8e51 Remove unused import 2017-02-26 16:13:50 +01:00
Guillaume Ayoub
3213495245 Merge branch 'url' of https://github.com/Unrud/Radicale into Unrud-url 2017-02-26 14:43:59 +01:00
Guillaume Ayoub
e55d75ce46 Set charsets in headers 2016-10-12 14:50:53 +02:00
Guillaume Ayoub
c459d32a19 Use argparse to parse command arguments
This commit also allows users to specify all the config values through
the command line.

Fix #154.
2016-10-12 14:30:18 +02:00
Peter Bieringer
c578470fc3 log depth also on response log line 2016-09-19 20:11:52 +02:00
Peter Bieringer
f52fa73cab check env first before using HTTP_DEPTH 2016-09-19 20:04:11 +02:00
Peter Bieringer
87061df68f add conditional logging of given depth 2016-09-19 19:59:47 +02:00
Peter Bieringer
d116423458 improved request logging 2016-09-17 15:35:43 +02:00
Peter Bieringer
e6ba31937a 3rd catch 2016-09-17 15:11:02 +02:00
Unrud
83046c80c4 Let reverse proxies overwrite script name
Reverse proxies can overwrite the script name with the HTTP header field X-Script-Name.
2016-09-06 16:53:14 +02:00
Unrud
13d652b094 Remove unnecessary module prefix 2016-09-04 22:26:46 +02:00
Unrud
664fa71278 Don't double unquote request URL
"%2525" was transformed to "%" instead of "%25".
2016-09-04 22:26:46 +02:00
Unrud
dbaf58dbfe Remove base_prefix and use SCRIPT_NAME instead
This conforms with the WSGI reference (PEP 333)
2016-09-04 22:26:40 +02:00
Unrud
fe5daf801a Set password to empty string instead of None
Prevent exception in auth module.
2016-09-03 10:01:52 +02:00
Unrud
2a9f37defb Repair authentication 2016-09-02 14:41:31 +02:00
Guillaume Ayoub
88d558f9fa Remove useless nested tuples 2016-09-02 11:05:35 +02:00
Guillaume Ayoub
68e1e9dfb2 Don't use mutables in constants or parameters 2016-09-02 11:04:29 +02:00
Unrud
20b1480399 Make copy of headers before mutating 2016-09-02 04:23:47 +02:00
Unrud
f7e995f9f6 Move encoding of answer into response function
Fix #505
2016-09-02 04:10:11 +02:00
Guillaume Ayoub
e25373fa85 Merge pull request #501 from Unrud/httperrors
HTTP error messages
2016-08-31 14:49:19 +02:00
Guillaume Ayoub
8d92b371e4 Merge pull request #502 from Unrud/patch-40
Plain text for GET / instead of malformed HTML
2016-08-31 14:42:59 +02:00
Guillaume Ayoub
db681da08e Merge pull request #500 from Unrud/loginuser
Map logins to internal users in Auth module
2016-08-31 14:40:08 +02:00
Unrud
f875bcd892 Plain text for GET / instead of malformed HTML
It's basically the same in browsers and looks nicer in tools that don't support HTML rendering (like curl).
2016-08-31 02:01:18 +02:00
Unrud
ff2b8f6e5c Use NOT_FOUND instead of GONE
Thunderbird doesn't recognize the status code correctly and shows an synchronization error.
2016-08-31 01:54:31 +02:00
Unrud
1ea9b1dca9 Return error for GET requests on directories
Radicale doesn't support directory listings.
2016-08-31 00:45:14 +02:00
Unrud
4ac2e68f5c Add HTTP error messages
Browsers just show a blank page if an error occurs. You have to open the developer tools to see the HTTP status code. E.g. a user wants to download a calendar in the browser and the URL is wrong.

Some tools like curl don't show any indication of an error.
2016-08-31 00:41:08 +02:00
Unrud
689e5c9dd5 Map logins to internal users in Auth module
This makes it possible to implement #349 as a Auth module. Another use case would be to encode usernames that contain characters unsupported by the file system.
2016-08-30 23:13:33 +02:00
Unrud
e782808a14 Remove empty line in log
Separating requests by an empty line doesn't work any longer with parallel (overlapping) requests.
2016-08-30 14:04:16 +02:00
Guillaume Ayoub
34ad1b9073 Remove useless import 2016-08-29 12:07:58 +02:00
Guillaume Ayoub
fd1742fcea Fix typo 2016-08-29 12:07:30 +02:00
Guillaume Ayoub
9e78454da2 Merge branch 'remupdate' of https://github.com/Unrud/Radicale into Unrud-remupdate 2016-08-26 22:50:26 +02:00
Guillaume Ayoub
ac61b18237 Merge pull request #490 from Unrud/hook
Move hook into storage.Collection
2016-08-26 15:58:42 +02:00
Guillaume Ayoub
0e646cdae4 Merge branch 'Unrud-logging' 2016-08-25 11:52:12 +02:00
Unrud
c5342d36d5 Remove BaseCollection.update
I don't think that this can be used for optimizations.

It's useless in the filesystem backend, SQL has REPLACE and I doubt that there is much use in any other storage mechanism.
2016-08-25 06:37:12 +02:00
Unrud
10786cbad8 Move hook into storage.Collection
The hook is only valid for filesystem storage, it's meaningless for other backends like databases.
2016-08-25 05:40:46 +02:00
Unrud
8db580abce Try to decode URLs with utf-8 (Fixes #486) 2016-08-25 05:30:46 +02:00
Unrud
3b71ab960e Log exceptions (Fixes #447)
Exceptions were just written to stderr but not into logs.
2016-08-25 05:24:24 +02:00
Unrud
6515062bcd Return HTTP status in xmlutils.propfind 2016-08-12 23:34:08 +02:00
Guillaume Ayoub
d3d29802ad Merge pull request #474 from Unrud/patch-31
PROPFIND rights checking
2016-08-11 11:44:43 +02:00
Unrud
4eb04e3526 PROPFIND rights checking
Return 404 and 403 only when it's appropriate. Don't ask users for passwords if an item just doesn't exist (e.g. mistyped URL).
2016-08-11 02:19:48 +02:00
Unrud
e2b87d145f Cosmetics: Don't use % for logging 2016-08-10 23:43:32 +02:00